bundles/wireguard: health checks for everyone

Franzi 2023-09-11 09:09:09 +02:00
parent 15eaa94397
commit 4f260932c3
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 45 additions and 22 deletions


@ -13,7 +13,6 @@ deps = set()
if node.has_bundle('apt'):
deps.add('pkg_apt:wireguard')
health_checks = {}
for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
files[f'/etc/systemd/network/wg_{config["iface"]}.netdev'] = {
'content_type': 'mako',
@ -35,20 +34,13 @@ for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
},
}
if config.get('health_check', False):
health_checks[peer] = config['their_ip']
if health_checks:
files['/usr/local/bin/wg_health_check'] = {
'content_type': 'mako',
'context': {
'peers': health_checks,
},
'mode': '0755',
}
files['/etc/cron.d/wg_health_check'] = {
'content': '* * * * * root /usr/local/bin/wg_health_check | logger -t wg_health_check\n',
}
files['/usr/local/bin/wg_health_check'] = {
'content_type': 'mako',
'context': {
'peers': node.metadata.get('wireguard/health_checks'),
},
'mode': '0755',
}
if node.has_bundle('pppd'):
files['/etc/ppp/ip-up.d/reconnect-wireguard'] = {
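Review bot: The new `files['/usr/local/bin/wg_health_check']` entry reads `node.metadata.get('wireguard/health_checks')` with no default and is no longer guarded by the removed `if health_checks:`. The `health_checks` reactor added elsewhere in this commit returns `{}` when no peer qualifies, so unless a defaults block not visible here sets the key, a node whose peers are all excluded or lack an `endpoint` has nothing at that path; as far as I know bundlewrap's `metadata.get` raises KeyError in that case rather than returning None. I would pass a default and keep the guard, `peers = node.metadata.get('wireguard/health_checks', {})` followed by `if peers:`, so the script is only deployed on nodes where the timer that runs it exists. Indentation is lost in this rendering, so whether the block sits inside another condition cannot be confirmed from here.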


@ -244,3 +244,37 @@ def snat(metadata):
},
},
}
@metadata_reactor.provides(
'wireguard/health_checks',
'systemd-timers/timers/wg-health-check',
)
def health_checks(metadata):
checks = {}
for peer, config in metadata.get('wireguard/peers', {}).items():
if (
config.get('exclude_from_monitoring', False)
or 'endpoint' not in config
):
continue
checks[peer] = config['their_ip']
if not checks:
return {}
return {
'systemd-timers': {
'timers': {
'wg-health-check': {
'command': '/usr/local/bin/wg_health_check',
'when': 'minutely',
},
},
},
'wireguard': {
'health_checks': checks,
},
}
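Review bot: `checks[peer] = config['their_ip']` passes the metadata value through unchecked, and it ends up in the mako-rendered `/usr/local/bin/wg_health_check` that the new timer runs every minute (presumably as root, like the cron line it replaces). The template is not part of this page, so whether it quotes the peer name and address is unknown; validating in the reactor keeps a typo or stray character in metadata out of that script, e.g. `checks[peer] = str(ip_address(config['their_ip']))` with `from ipaddress import ip_address`, assuming `their_ip` is always a bare address. The direct index also raises KeyError for a peer that has an `endpoint` but no `their_ip`, which the skip condition could cover with `or 'their_ip' not in config`. A short comment on why peers without `endpoint` are skipped would help the next reader, since the old opt-in `health_check` key is now silently ignored.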